What's new in Microsoft Graph

Microsoft Graph provides a unified programmability model that you can use to access data in Microsoft 365, Windows, and Enterprise Mobility + Security. This article provides information about what's new in Microsoft Graph APIs, documentation, SDKs, and more.

For more detailed API-level updates, see the Microsoft Graph API changelog.

For details about previous updates to Microsoft Graph, see Microsoft Graph what's new history.

October 2025: New and generally available

Backup storage

• Use the protectionSources property on driveProtectionUnit, mailboxProtectionUnit, and siteProtectionUnit to get the sources by which a protection unit is currently protected.
• Update a driveProtectionRule or a mailboxProtectionRule.
• Delete and unprotect all the artifacts protected by a dynamic rule in a driveProtectionRule or a mailboxProtectionRule.

Device and app management | Cloud PC

List the Cloud PC devices that are attributed to the signed-in user.

Education

• List the dependent education assignment resources for a given education assignment resource.
• List the dependent education submission resources for a given education submission resource.

Employee experience | Employee engagement

Viva Engage now supports new APIs for managing roles, allowing you to list, assign, and remove roles for users. For more information, see Use the Microsoft Graph API to work with Viva Engage.

Files

Added the following new endpoints as supported request URLs for the driveItem: createUploadSession API:

• POST /drives/{driveId}/items/{parentItemId}:/{fileName}:/createUploadSession
• POST /groups/{groupId}/drive/items/{parentItemId}:/{fileName}:/createUploadSession
• POST /sites/{siteId}/drive/items/{parentItemId}:/{fileName}:/createUploadSession
• POST /users/{userId}/drive/items/{parentItemId}:/{fileName}:/createUploadSession

Identity and access | Directory management

• Addressed a permissions issue for internalDomainFederation write operations. Previously, delegated scenarios required the high-privilege Directory.AccessAsUser.All permission. Two new, lesser-privileged permissions are now available for managing the internalDomainFederation resource:

  • Domain-InternalFederation.Read.All – Read internalDomainFederation resources.
  • Domain-InternalFederation.ReadWrite.All – Read and write internalDomainFederation resources.

• Added the Domain-InternalFederation.ReadWrite.All delegated and application permissions as lower-privilege alternatives for updating a domain. This also enables updating the authenticationType property of a domain in both delegated and application contexts, whereas previously only delegated scenarios with Directory.AccessAsUser.All permission were supported.

These new permissions enable more granular access control for managing internalDomainFederation and domain resources.

Identity and access | Identity and sign-in

Microsoft Graph now supports new delegated and application permissions scoped to individual authentication methods supported by Microsoft Entra. These permissions provide lesser-privileged alternatives to the more widely scoped UserAuthenticationMethod.Read, UserAuthenticationMethod.ReadWrite.All, UserAuthenticationMethod.ReadWrite and UserAuthenticationMethod.Read.All permissions, helping you improve your organization's security posture by adopting least privilege practices.

Permission	Supported authentication methods	Delegated	Application
UserAuthMethod-Email.Read	Email
UserAuthMethod-Email.Read.All	Email
UserAuthMethod-Email.ReadWrite.All	Email
UserAuthMethod-External.Read	External
UserAuthMethod-External.Read.All	External
UserAuthMethod-External.ReadWrite.All	External
UserAuthMethod-HardwareOATH.Read	Hardware OATH
UserAuthMethod-HardwareOATH.Read.All	Hardware OATH
UserAuthMethod-HardwareOATH.ReadWrite	Hardware OATH
UserAuthMethod-HardwareOATH.ReadWrite.All	Hardware OATH
UserAuthMethod-MicrosoftAuthApp.Read	Microsoft Authenticator
UserAuthMethod-MicrosoftAuthApp.Read.All	Microsoft Authenticator
UserAuthMethod-MicrosoftAuthApp.ReadWrite	Microsoft Authenticator
UserAuthMethod-MicrosoftAuthApp.ReadWrite.All	Microsoft Authenticator
UserAuthMethod-Passkey.Read	FIDO2
UserAuthMethod-Passkey.Read.All	FIDO2
UserAuthMethod-Passkey.ReadWrite	FIDO2
UserAuthMethod-Passkey.ReadWrite.All	FIDO2
UserAuthMethod-Password.Read	Password
UserAuthMethod-Password.Read.All	Password
UserAuthMethod-Password.ReadWrite	Password
UserAuthMethod-Password.ReadWrite.All	Password
UserAuthMethod-Phone.Read	Phone
UserAuthMethod-Phone.Read.All	Phone
UserAuthMethod-Phone.ReadWrite	Phone
UserAuthMethod-Phone.ReadWrite.All	Phone
UserAuthMethod-PlatformCred.Read	Platform Credential
UserAuthMethod-PlatformCred.Read.All	Platform Credential
UserAuthMethod-PlatformCred.ReadWrite	Platform Credential
UserAuthMethod-PlatformCred.ReadWrite.All	Platform Credential
UserAuthMethod-QR.Read	QR Code
UserAuthMethod-QR.Read.All	QR Code
UserAuthMethod-QR.ReadWrite	QR Code
UserAuthMethod-QR.ReadWrite.All	QR Code
UserAuthMethod-SoftwareOATH.Read	Software OATH
UserAuthMethod-SoftwareOATH.Read.All	Software OATH
UserAuthMethod-SoftwareOATH.ReadWrite	Software OATH
UserAuthMethod-SoftwareOATH.ReadWrite.All	Software OATH
UserAuthMethod-TAP.Read	Temporary Access Pass
UserAuthMethod-TAP.Read.All	Temporary Access Pass
UserAuthMethod-TAP.ReadWrite	Temporary Access Pass
UserAuthMethod-TAP.ReadWrite.All	Temporary Access Pass
UserAuthMethod-WindowsHello.Read	Windows Hello for Business
UserAuthMethod-WindowsHello.Read.All	Windows Hello for Business
UserAuthMethod-WindowsHello.ReadWrite	Windows Hello for Business
UserAuthMethod-WindowsHello.ReadWrite.All	Windows Hello for Business

Teamwork and communications | Calls and online meetings

Use the callEvent and emergencyCallEvent resources to provide detailed information about both standard and emergency call events. For more information, see Change notification for active meeting call events and change notification for emergency call events.

October 2025: New in preview only

Calendars | Places

Apply the following prerequisites for the Places list and descendant APIs before you can use these APIs; otherwise, they don't return any places.

Device and app management | Cloud PC

• Use the sessionStartDateTime property on cloudPcFrontlineSharedDeviceDetail to get the date and time when the current user session starts, or null if no current user session exists.
• Deprecated the getCloudPcLaunchInfo method in favor of the retrieveCloudPcLaunchDetail API.
• Deprecated the cloudPcExternalPartnerSetting resource and replaced with the cloudPcExternalPartner resource.
• Create, get, or update an external partner of Cloud PC, such as the partner status, and enable or disable the connection.
• Import, purge, or retrieve an external snapshot of a Cloud PC.
• Get information about licenses that the Cloud PC service directly manages using the cloudPcManagedLicense resource and the list managedLicenses operation. These cloudpc-managed licenses help administrators track license allocation, status, and usage across their Cloud PC deployments.

Education

• List the dependent education assignment resources for a given education assignment resource.
• List the dependent education submission resources for a given education submission resource.

Files

Added the following new endpoints as supported request URLs for the driveItem: createUploadSession API:

• POST /drives/{driveId}/items/{parentItemId}:/{fileName}:/createUploadSession
• POST /groups/{groupId}/drive/items/{parentItemId}:/{fileName}:/createUploadSession
• POST /sites/{siteId}/drive/items/{parentItemId}:/{fileName}:/createUploadSession
• POST /users/{userId}/drive/items/{parentItemId}:/{fileName}:/createUploadSession

Sites and lists

Create a SharePoint site and monitor its creation status.

September 2025: New and generally available

Applications

From the end of September 2025, the maximum page size for the List servicePrincipals API will be 100 objects from 999 objects.

Backup storage

Added a note to the artifactCount property of the granularMailboxRestoreArtifact about its upcoming deprecation.

Education

• The assignment service in the education APIs in Microsoft Graph has updated its throttling limits: per app per tenant requests are now limited to 350 per 10 seconds and 10,000 per hour. Per tenant for all apps, the limits are now 700 per 10 seconds and 20,000 per hour. A new limit of 25 requests per 10 seconds is also introduced for POST /publish operations.
• Get a list of Reading Coach passages that were practiced by a student.
• Get a list of speaker assignments that were submitted by a student.
• Use the educationSpeakerProgressResource to help students gain confidence and reduce anxiety with AI-powered real-time feedback on public speaking skills, such as pace, pitch, and filler words. Speaker Progress also saves educators time and creates more opportunities for independent practice during in-class presentations.

Employee experience | Employee engagement

Use the onlineMeetingEngagementConversation APIs to get all Teams question and answer (Q&A) conversation messages in a tenant and list reactions in an online meeting.

Files

Defined the following endpoints as supported for the driveItem: discardCheckout API:

• /drives/{driveId}/items/{itemId}/discardCheckout
• /groups/{groupId}/drive/items/{itemId}/discardCheckout
• /me/drive/items/{item-id}/discardCheckout
• /sites/{siteId}/drive/items/{itemId}/discardCheckout
• /users/{userId}/drive/items/{itemId}/discardCheckout

Security | Alerts and incidents

• Added the following new properties to the securityGroupEvidence resource:
  • Use the activeDirectoryObjectGuid property to get the unique group identifier assigned by the on-premises Active Directory.
  • Use the distinguishedName property to identify the distinguished name of the security group.
  • Use the friendlyName property to identify the friendly name of the security group.
  • Use the sid property to get the security identifier of the group.
• Use the activeDirectoryObjectGuid property on userAccount to get the unique user identifier assigned by the on-premises Active Directory.

Security | eDiscovery

• Added holdPolicySync as a supported value for the action property of the caseOperation and its inherited types.
• Use the caseType property on ediscoveryCaseSettings to get or set the type of an eDiscovery case.
• Use the reviewSetSettings property on ediscoveryCaseSettings to get or set the review set settings for a case.

Teamwork and communications | Calls and online meetings

• Removed inACall, inAConferenceCall, inactive, inAMeeting, presenting, urgentInterruptionsOnly, and offWork as supported values for the activity property of presence.
• Removed availableIdle and busyIdle as supported values for the availability property of presence.
• Added focusing, inACall, inAMeeting, and presenting as supported values to the availability property of presence.
• The throttling limit for the presence resource increased from 1,500 to 10,000 requests per 30 seconds, per application per tenant.
• Use the allowCopyingAndSharingMeetingContent property on onlineMeeting and virtualEventSession to indicate whether the ability to copy and share meeting content is enabled for a meeting or virtual event session.

Teamwork and communications | Messaging

• Create a one-on-one or group chat with installed apps.
• Create a one-on-one or group chat with RSC-granted apps.

September 2025: New in preview only

Backup storage

Added a note to the artifactCount property of the granularMailboxRestoreArtifact about its upcoming deprecation.

Calendars | Places

• The new map APIs in Places enable applications with appropriate read or write permissions to interact with map feature objects. For more information, see Working with the Places API in Microsoft Graph.
• Use the checkInClaim resource to represent the check-in status of an Outlook calendar event booked at a place. For more information see, Create checkInClaim and Get checkInClaim.

Device and app management | Cloud PC

• Added reserve as a supported value for the provisioningType property of the cloudPC and cloudPcServicePlan.
• Use the createdBy, createdDateTime, lastModifiedBy, and lastModifiedDateTime properties to determine when and by whom a cloudPcProvisioningPolicy was created or modified.
• Added the cloudPcUserSettingsPersistenceUsageThreshold, cloudPcDeprovisionedThreshold, and cloudPcReserveDeprovisionFailedThreshold as supported values for the conditionCategory property of ruleCondition.
• Added the cloudPcUserSettingsPersistenceScenario and cloudPcDeprovisionFailedScenario as supported values for the alertRuleTemplate properties of alertRecord and alertRule.
• Use the provisioningSourceType property on cloudPcUserSetting to indicate the provisioning source of the Cloud PC prepared for an end user.
• Use the groupDetail property on cloudPC to get the Microsoft Entra group details associated with a Reserve Cloud PC assignment.
• Use the userDetail property on cloudPC to get the Microsoft Entra user details associated with a Reserve Cloud PC assignment.

Education

• Create a new educationGradingScheme on an educationClass.
• Add an existing educationGradingScheme to an existing educationAssignment.
• Add the default educationGradingScheme to an educationAssignmentSettings object.

Files

• The new SharePoint Embedded migration API enables you to programmatically schedule SharePoint migration jobs for bulk-migrating content from intermediary Azure blob storage containers to the target fileStorageContainer.
• Defined the following endpoints as supported for the driveItem: discardCheckout API:
  • /drives/{driveId}/items/{itemId}/discardCheckout
  • /groups/{groupId}/drive/items/{itemId}/discardCheckout
  • /me/drive/items/{item-id}/discardCheckout
  • /sites/{siteId}/drive/items/{itemId}/discardCheckout
  • /users/{userId}/drive/items/{itemId}/discardCheckout

Teamwork and communications | Administration

• Get the policy ID for a given policy name and policy type within Teams administration.
• Assign a Teams policy to a user using the user ID, policy type, and policy ID.
• Unassign a Teams policy from a user using the user ID and policy type.
• Added the telephoneNumberManagementRoot resource that represents a collection of available telephone number management operations.

Teamwork and communications | Calls and online meetings

• Removed inACall, inAConferenceCall, inactive, inAMeeting, presenting, urgentInterruptionsOnly, and offWork as supported values for the activity property of presence.
• Removed availableIdle and busyIdle as supported values for the availability property of presence.
• Added focusing, inACall, inAMeeting, and presenting as supported values to the availability property of presence.
• The throttling limit for the presence resource increased from 1,500 to 10,000 requests per 30 seconds, per application per tenant.

Security | eDiscovery

Added holdPolicySync as a supported value for the action property of the caseOperation and its inherited types.

Teamwork and communications | Messaging

• Create a one-on-one or group chat with installed apps.
• Create a one-on-one or group chat with RSC-granted apps.

Workbooks and charts

• Create a new workbookComment.
• Use the cellAddress property on workbookComment to get the cell where the comment is located.
• Use the mentions property on workbookComment or workbookCommentReply to get all the people mentioned within the comment or reply.
• Use the richContent property on workbookComment or workbookCommentReply to get the rich content of the comment or reply.

Contribute to Microsoft Graph

Are there scenarios you'd like Microsoft Graph to support?

• Suggest and vote for new features by using the Microsoft Graph Feedback Portal. Some new features originate as popular requests from the developer community. The Microsoft Graph team regularly evaluates customer needs and releases new features to the beta (https://graph.microsoft.com/beta) and v1.0 (https://graph.microsoft.com/v1.0) endpoints.

• Join the weekly Microsoft 365 platform community call and become an active member of the Microsoft Graph community. To discover the full calendar of developer calls, visit the Microsoft 365 and Power Platform community page.

• Join our research panel to provide your input on our developer experiences.

Related content

• Microsoft Graph developer blog.
• Microsoft Graph API changelog.
• Microsoft Graph what's new history.